opentelemetry-demo
opentelemetry-demo copied to clipboard
Grafana won't start up on OpenShift
Bug Report
Which version of the demo you are using? opentelemetry-helm-charts b969a4f
Symptom
A clear and concise description of what the bug is.
What is the expected behavior? Following the install instruction from https://github.com/open-telemetry/opentelemetry-helm-charts/tree/main/charts/opentelemetry-demo#readme. Grafana pod should start up successfully.
What is the actual behavior? Grafana deployment was unable to start any Grafana pod.
pods "otel-demo-grafana-794f498b79-" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/grafana]: Forbidden: seccomp may not be set, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{472}: 472 is not an allowed group, provider restricted-v2: .containers[0].runAsUser: Invalid value: 472: must be in the ranges:
Reproduce
1. helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts
2. oc new-project opentelemetry-demo
3. oc create sa opentelemetry-demo
4. oc adm policy add-scc-to-user anyuid -z opentelemetry-demo
5. helm install otel-demo open-telemetry/opentelemetry-demo \
--namespace opentelemetry-demo \
--set serviceAccount.create=false \
--set serviceAccount.name=opentelemetry-demo \
--set prometheus.rbac.create=false \
--set prometheus.serviceAccounts.server.create=false \
--set prometheus.serviceAccounts.server.name=opentelemetry-demo \
--set grafana.rbac.create=false \
--set grafana.serviceAccount.create=false \
--set grafana.serviceAccount.name=opentelemetry-demo
Ran the following additional step to resolve the problem:
oc adm policy add-scc-to-user privileged -z opentelemetry-demo
We will close this issue if:
- The steps you provided are complex.
- If we can not reproduce the behavior you're reporting.
Additional Context
Environment: OpenShift version 4.15.3 with 3 master nodes and 3 worker nodes